Holiday hackers: Watch out for crypto phishing
With the end-of-year rush, crypto users are prime targets for fraudsters. Protect yourself from scams with these essential tips

A time for joyful shopping and anticipated reunions, the holiday season is just around the corner. However, in the midst of this festivity, it also presents prime opportunities for hackers—leaving unsuspecting victims more vulnerable to scams and attacks.
According to cybersecurity experts, crypto phishing attacks could rise over the holiday season, as scammers capitalize on Christmas festivities.
Phishing is a type of scam that involves attempting to steal personal information, such as usernames, bank account details, or other crucial data. This stolen information is usually used maliciously. To execute a phishing scheme, scammers typically impersonate reputable sources—luring victims in with the ultimate goal of tricking them. It’s similar to how fishermen use bait to lure fish in to ultimately catch them.
One famous crypto phishing scam case was that of Bee Token. In 2018, bad actors capitalized on the networks’ initial coin offering (ICO)—which is a popular fundraising method for crypto ventures that is similar to initial public offerings (IPO) in stocks—to trick investors.
According to CoinDesk, the scammers accessed Bee Token's mailing list and impersonated operators using official-looking email addresses. They contacted potential buyers who had signed up for the full sale of the token.
Through this phishing scheme, the scammers were able to swindle almost $1 million in about 25 hours.
@thebeetoken is this real or fake? pic.twitter.com/dYZekctKxH
— DOGE Anonymous (@CrptoAnonymous)
These types of scams have persisted on the crypto and wider financial landscape, targeting unsuspecting victims and leaving them with significant losses.
Scam Sniffer, a crypto scam monitoring platform, reported that more than 9,200 investors lost $9.4 million in November due to phishing schemes. In fact, one victim lost $661,000 worth of stETH in a matter of minutes.
🧵 [1/7] 🚨 ScamSniffer November Phishing Report
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer)
$9,380,000 STOLEN
9,208 VICTIMS
November saw one victim lose $661K in stETH within minutes - and that's just the tip of the iceberg.
Let's dive into the dark side of Web3... 🧵 pic.twitter.com/HDyBGh5tPj
The platform added that malicious signatures are crypto scammers’ deadliest weapon. According to Chainalysis, in an approval phishing scam, bad actors deceive individuals into signing a blockchain transaction that is malicious, which ultimately approves the scammer's address to spend certain tokens in the victim's crypto wallet. Because of this, some victims end up losing tens of millions.
Aside from this, Darktrace, a global AI cybersecurity leader, also reported a notable trend: Christmas-themed phishing scams went up by 327% during Black Friday week, which happened on November 25 to 29. Similarly, Black Friday-themed phishing attacks went up by 692% compared to the first week of November.
Apparently, bad actors sought to exploit both companies and consumers during this bustling shopping season.
More phishing attacks could occur in December, as scammers try exploiting online transactions ahead of Christmas. Dedd Lavid, the CEO and co-founder of Web3 security platform Cyvers, told Cointelegraph, “Awareness of holiday-themed phishing attacks is crucial, along with tools like real-time monitoring to flag suspicious behaviors promptly.”
Lavid further emphasized the importance of strong security practices and vigilance and recommended two-factor authentication, avoiding public WiFi for crucial activities, and verifying communications as security measures.
Nathaniel Jones, the VP of Threat Research Darktrace, also said, “The festive shopping season creates a perfect storm for cyber criminals,” adding that “both consumers and brands need to be increasingly alert to potential scams.”
How to avoid crypto phishing scams
While even experienced crypto investors can fall victim to these schemes, there are tips for staying ahead of these scammers. To avoid falling victim to phishing schemes over the holidays, follow these tips.
Be cautious about sharing personal information
With the holiday season, an influx of Christmas-themed messages and promotions are bound to flood crypto users’ email accounts. While several of these communications are legitimate, be cautious of official-looking messages involving unsolicited requests for personal information or funds.
It is important to first verify the legitimacy of these messages, as they could be malicious. Never send approval or provide information without first engaging in DYOR (do your own research).
Scammers are creative and skilled enough to make their email and messages appear professional and official—even when they aren't. Because of this, it is important to double-check sources by visiting official websites and social media channels. Individuals can also go the extra mile by contacting institutions directly to confirm requests for information.
When in doubt, it is better to avoid engaging with these sources as a whole. Moreover, if offers sound too good to be true, they are likely fake.
Protect passwords, OTPs, and private keys
There's a reason why certain information is considered private. Login credentials like passwords and one-time-pins (OTPs) should be kept hidden. Always protect sensitive codes like OTPs, as this may grant scams unauthorized account access.
It is also important to protect private keys, as these offer full management and control over assets. These keys should not be kept in locations that are prone to hacking.
Avoid clicking suspicious links
At times, scammers and phishers may include suspicious links in their messages and urge recipients to click on them. These links may take recipients to an impersonated website that aims to steal information, prompt users to install malware, or ask individuals to approve malicious blockchain transactions in the guise of harmless activity.
Some of these links may appear blatantly suspicious. By dragging your cursor over the link, you can see its URL without clicking it. In most cases, phishing URLs are confusing, long, and loaded with unusual characters, which they use to disguise the true destination of the link.
Don't fall for these schemes
Though bad actors may capitalize on the Christmas rush, individuals do not need to fall for their tricks. With awareness and strong security practices, investors and traders can enjoy Christmas with peace of mind—focusing on celebration and connection over crypto cyber threats.